A hospital district in Houston has found 2,488 records for patients named Maria Garcia—and 231 of them shared the same birthday.

When 67-year-old Maureen Kelly, complaining of abdominal pain, was wheeled into the emergency room of Beth Israel Deaconess Medical Center in Boston in the winter of 2015, the medical staff immediately typed her name, date of birth, and address into a terminal connected to the hospital’s electronic health record system—and to the state health information exchange, which aggregates information on patients throughout Massachusetts.

Doctors soon thought they knew why Kelly was weak and confused: The computerized records showed she was diabetic and had only one kidney. They feared she was suffering from diabetic complications or had renal disease, which is often linked to diabetes.

They considered giving her insulin to keep her blood sugar from spiking. But as they read her records, they became confused themselves. Notes from one recent medical visit suggested that Kelly wasn’t diabetic, and another notation mentioned that both her kidneys were unremarkable and functioning normally. (Some details of the case, related by hospital officials and including the patient’s exact name, have been changed for her privacy.)

As the ER doctors kept scrolling through the records, they realized something else: The system included records for five Maureen Kellys, all with the same birthdate and living in the same ZIP code, a largely Irish-American neighborhood in South Boston.

The Beth Israel staff members later reported that they had no idea what information in the electronic records system was correct for the Maureen Kelly in their emergency room—or how many of the electronic system’s five Maureen Kellys with the same birthdate might actually be the same person with duplicate records. So the team fell back on the most fundamental lesson of medical training: the Hippocratic injunction to first do no harm. They treated her based on her symptoms, and on lab tests they ordered.

Fortunately, Maureen Kelly recovered. But hers was far from an isolated case. In the past decade, electronic records have become the norm in medical facilities around the nation, but there has been no national system to ensure that an individual record matches an individual patient. Birthdates often help but are far from guarantees: A hospital district in Houston has found 2,488 records for patients named Maria Garcia—and 231 of them shared the same birthday.

And sometimes it’s not mismatched records that cause problems and lead to safety concerns, but how medical providers interact with electronic systems. For example, a 16-year-old patient in California was inadvertently given 38 times the appropriate amount of an antibiotic. The physician didn’t realize that the default setting in the system automatically adjusted the dosage based on the patient’s weight. As a result of the massive overdose, the patient suffered a near-fatal grand mal seizure.

Another safety threat can come from “alert fatigue.” Electronic records send automatic alerts that pop up on the computer screen, warning of potentially dangerous drug interactions or drug allergies. This feature has saved lives. But in some cases, these warnings are repetitive and pop up so often that doctors reflexively dismiss them from the screen. As a result, they may unintentionally ignore new and important warnings, endangering patients.

***

In the past decade, nearly every hospital and health system in the country has made the shift from old-fashioned handwritten charts and scrawled, frequently illegible prescription orders to electronic health records and medication orders placed through computers.

Overall, this shift has dramatically improved the safety of most patients—but it also created a new source of error that poses its own set of risks, says Jacob Reider, former acting national coordinator of health information technology for the U.S. Department of Health and Human Services. The new record systems virtually eliminated certain kinds of errors, he says, such as giving patients drugs they are allergic to, or dispensing the wrong drug because a pharmacist misread a handwritten prescription.

“Health information technology has significantly enhanced the safety of humans whose information is stored in this system,” Reider says. “We are much safer because of this change. But the technology also introduced new safety hazards, and we have to learn how to mitigate them.”

The effort to manage these risks and to help the health care industry realize the full potential of electronic health records has emerged as a key public health concern. Pew’s health information technology project is working with partners in industry and government to address these challenges by focusing on two key issues: helping different electronic systems communicate about the same patient, and reducing the likelihood of harm.

Doctors Raj Ratwani (left) and Terry Fairbanks of MedStar’s National Center for Human Factors in Healthcare study how people interact with health care technology, and found that many electronic records systems were implemented too quickly. They’re now working with Pew and the American Medical Association to improve safety.

Charlie Archambault for The Pew Charitable Trusts

“The transition from paper to electronic health records has definitely improved patient care. We certainly don’t want to go back to the age of paper, but the transition hasn’t come without serious challenges,” says Ben Moscovitch, who directs Pew’s work to improve electronic health records. “We have to get policymakers to continue to focus on electronic records, and industry and hospitals and doctors need to come together to make these systems more efficient and safer for everyone.”

***

Although some health care systems, including Beth Israel Deaconess, began developing electronic record systems nearly 40 years ago, the widespread transition from paper records to electronic ones was accelerated by the federal Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The law called for Medicaid and Medicare programs to offer premiums to participating health providers for switching to electronic records—and then, as time passed, to impose penalties for those who didn’t.

“The incentives were significant and the disincentives were extraordinary,” says Reider. “And that’s why 97 percent of hospitals now use electronic health records.”

In hindsight, says Terry Fairbanks, founding director of the National Center for Human Factors in Healthcare at the MedStar Institute for Innovation in Washington, “the adoption of electronic health records happened too quickly.” Hospitals began using the new systems before they’d been optimized and tested—and without putting in place systems and procedures to ensure patient safety, says Fairbanks, whose organization is working on a joint project with Pew and the American Medical Association to improve safety.

Mistakes can arise from a combination of factors: how systems are designed, how they are customized when installed in a hospital, and how doctors and nurses use the technology. This can lead, for example, to errors such as a drug being ordered for the wrong patient, or the wrong dosage being administered.

Safety can also be influenced by what’s not in an electronic record. Christopher Lehmann, professor of pediatrics and biomedical informatics at Vanderbilt University School of Medicine, says a useful record will provide a pediatrician with child growth charts, guides for prescribing medication doses based on a child’s weight, and automated systems for tracking well-child visits and immunizations. Lehmann has surveyed pediatricians to learn about their use of electronic records, and he’s not impressed.

“We discovered that a majority were using [electronic records], but [the records] didn’t have pediatric functionality,” Lehmann says. In 2012, only 8 percent of electronic records had this kind of capacity, and by 2016 that number was still under 20 percent, he says. “That’s not good.”

Pew is working with the Children’s Hospital Association and others to encourage better criteria for electronic records for children.

Pew also is working with the MedStar Human Factors Center —which studies how humans interact with health care technology—with an eye toward improving quality, efficiency, and safety. In 2012 and 2013, Fairbanks, co-director Raj Ratwani, and other staff members visited 11 companies that make electronic health record systems to observe as they developed and tested their products. The work, funded by the federal office that oversees health information technology, was “a big eye-opener,” Ratwani says.

In other industries—such as aviation and medical devices—developers of technology understand the need to assess usability by having the people who will actually work with a product take part in testing it, alongside safety engineers, Ratwani says.

Yet about a third of the electronic health record companies his team visited didn’t do that. It’s not just a matter of bringing the right people to a conference room to discuss their needs, or having them preview a system, Ratwani says, because “people are not able to technically articulate what their cognitive needs are.” The best way to understand how people and systems will function together, he says, is to study and observe them using the system in real-life scenarios. It’s also important to involve safety experts from outside the health care industry for a broader perspective when testing systems.

Pew; the ECRI Institute, a patient safety nonprofit located outside Philadelphia; the Bipartisan Policy Center, a nonpartisan think tank; and the Alliance for Quality Improvement and Patient Safety, a coalition of organizations aimed at reducing patient harm, are proposing a voluntary, private sector, national health information technology group to study safety issues and develop solutions for the use of IT in the health care sector.

The group would bring together health care providers, health IT companies, safety experts, and patient safety groups to gather data about risks, make recommendations for solving them, and distribute information on safety tools and best practices.

***

The safety problems associated with electronic health records are in part a function of how new they are, says Ronni Solomon, executive vice president and general counsel for the ECRI Institute. “Any technology has risks,” she says, “especially a technology that rolls out quickly and is embraced broadly.”

She and other observers compare what’s happening to the early years of the aviation industry, when it grew with little government oversight, and safety concerns were rampant. Flight safety has improved steadily since, thanks to advances in technology, training, and understanding of the human factors involved in accidents. Led by the Federal Aviation Administration, the airline industry created a culture of safety in which even the smallest safety issue on a flight is investigated in a timely way to ensure that it doesn’t happen again. Last year, not a single airline passenger died in a jet crash anywhere in the world.

Acknowledging error when it occurs is critical and actually welcomed by the electronic medical records industry, says Stephanie Zaremba, government affairs director at Athenahealth, a Massachusetts-based developer of electronic health records. “Shame-and-blame culture isn’t conducive to learning from mistakes,” she says. “Humans will make errors. The important thing is to learn from mistakes that get made.”

To encourage companies that make electronic health record systems to report problems, the 21st Century Cures Act—which became law in December 2016—protects reports of events submitted to patient safety organizations from disclosure in lawsuits. However, the federal government has not yet indicated how it will implement this new law.

This should lead to greater sharing of information, says Zaremba. “Providers want to know immediately if there’s a glitch,” she says, “but as [an electronic records] developer, you also want to know as soon as it’s discovered by a provider.”

Ideally, the universal use of electronic health records should enable doctors anywhere to quickly access accurate information about patients no matter where they live. But the many different systems currently in use in the U.S. don’t all speak to each other: They aren’t, in the jargon of the tech industry, interoperable.

"Universal use of electronic health records should enable doctors anywhere to quickly access accurate information about patients no matter where they live."

Although the industry is dominated by several big companies, there are literally hundreds of electronic health record systems on the market, each with its own design. Companies sometimes charge for sharing information between systems.

Of course, even when systems can talk to each other, it’s important that they’re talking about the right patient. The U.S. lacks a standardized way of identifying patients in electronic health records; in fact, legislation that was passed decades ago amid privacy concerns bars the federal government from spending money to develop a patient ID number. Many health care organizations use Social Security numbers, which leaves many patients—and privacy groups—uneasy, because the numbers link to so much personal financial information.

"Even when systems can talk to each other, it’s important that they’re talking about the right patient."

Pew is collaborating with the Beth Israel Deaconess chief information officer, John Halamka, as well as the Rand Corp. and other groups that are exploring other voluntary methods to identify patients and better match their records.

For example, some airports are now using fingerprint or iris scanners at security lines. The same technology could serve as a unique identifier in health care—but only if there is agreement on what to scan and how to share the information in a secure way. Halamka is now piloting this approach in South Africa in an effort to ensure that the records of HIV test results and treatments link to the correct patients.

The challenge there is that “name, gender, and date of birth doesn’t work very well when you’ve got a highly mobile workforce,” he says. “So we implemented iris scanning. Every time you have a lab test, we attach your iris scan to that lab result. If you show up at any clinic
in the country, you get your irises scanned. Then we can say, ‘Oh, here are all the lab tests associated with those irises.’”

Pew is also exploring another approach: having patients more directly involved in making sure their records are correctly matched. Pew’s work with Rand is evaluating several voluntary options, including new patient ID numbers, establishment of a single storage place for all records, and use of smartphone technology. In January, for example, Apple unveiled a feature that it says will make “accessing secure medical records from an iPhone as simple for a patient as checking email.” Other companies are likely to follow suit.

Regardless of how the process unfolds, everyone involved in the field agrees: Electronic health records hold enormous potential for medical care, but significant challenges remain before this technological advancement can reach its full potential.

“Electronic health records can help usher in a future in which doctors can make better decisions more rapidly and provide the best possible care to patients,” Moscovitch says. “But making sure the technology can actually meet its potential to share data and maximize patient safety will take collaboration among the developers of these systems, hospitals, clinicians, and government. It’s important that we get this right to save lives and improve care.”

Rob Waters, who covered science and biotechnology for Bloomberg News, last wrote for Trust about Pew’s work to address the national opioid crisis.